16

As a GitHub administrator, I would like to lock a particular branch in GitHub for all users. For e.g. if I do not want anyone to push to Master/Production or a Project branch, how can I do that.

Instead of using any client side hooks, is there a way to lock a branch on GitHub server directly ? Are there any third party tools/api's/scripts which can help achieve this ?

Saurabh Porwal
  • 171
  • 1
  • 1
  • 5
  • As of September 2015, you can now protect branches directly in Github: https://github.com/blog/2051-protected-branches-and-required-status-checks – Matt Grande Jul 28 '16 at 15:48
  • As of Oct. 2022, you actually have a ["lock" option on branches](https://stackoverflow.com/a/74143308/6309). – VonC Oct 20 '22 at 16:28

3 Answers3

11

@Saurabh, I have done a similar thing according to your requirement on GitHub:

  • Navigate to Settings
  • Navigate to Branches
  • Tap on Add Rule near "Branch protection rules"
  • Tick the Require pull request reviews before merging checkbox

These steps apply a lock on, for example to master, so that no collaborators can push code to this branch. Code only be merged using pull requests.

Link to documentation

Screenshots:

enter image description here

enter image description here

enter image description here

Note: Protected branches are available to Pro, Team, and Enterprise users

note pro feature only

Umutambyi Gad
  • 4,082
  • 3
  • 18
  • 39
CrazyPro007
  • 1,006
  • 9
  • 15
4

Since Oct. 2022, there is a simpler option:

New Branch Protections: Last Pusher and Locked Branch (Oct. 2022)

Push protection enabled.

This allows for branches to be locked, prohibiting changes.
You can lock a branch allowing you to have a maintenance window and prevent changes, or to protect a fork so it only receives changes from its upstream repository.

To use this feature in a branch protection rule, enable Lock branch.

https://i0.wp.com/user-images.githubusercontent.com/7575792/196246562-59b7b156-a180-4830-ae67-d202ec49f172.png?ssl=1 -- Screenshot of Lock branch with fork sync enabled

For more information, read About protected branches in the GitHub documentation.

We appreciate feedback on this and other topics in GitHub's public feedback discussions.

VonC
  • 1,262,500
  • 529
  • 4,410
  • 5,250
  • Does this still allow approved PRs to be merged? – Marko Jul 17 '23 at 07:21
  • 1
    @Marko Good question, I have not tested it. The [official documentation](https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#lock-branch) states: "Locking a branch ensures that no commits can be made to the branch.". So I would say: "no". – VonC Jul 17 '23 at 07:23
  • I tested this today. It is not possible to merge a PR into a locked branch. – Jagerber48 Aug 18 '23 at 14:08
  • @Jagerber48 OK, that makes sense, I suppose. – VonC Aug 18 '23 at 14:42
2

The easiest solution is to have that branch in its own repo (for which no collaborators) are declared.

Otherwise, GitHub doesn't provide any native "branch protection" feature, as mentioned in "How to protect “master” in github?"

You could setup a webhook which on a push event can refuse the push if the branch has a given name.

An example would be terite/pull-to-master which protects master:

if (json.ref != 'refs/heads/master')
  return cb([200, 'Skipping, not master']);

This is not a client-side hook, but it does require a client to listen to the JSON payload of the push event in order to react to it.

Community
  • 1
  • 1
VonC
  • 1,262,500
  • 529
  • 4,410
  • 5,250